hxxps://online[.]tdaqs[.]com[.]au/web/autoform[.]html?script=WebForm&param=1&$f=R38e5t&$r=3B6ECBDA-2532-42BE-8D7C-8725FC58A76D

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2024, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://online.tdaqs.com.au/web/autoform.html?script=WebForm&param=1&$f=R38e5t&$r=3B6ECBDA-2532-42BE-8D7C-8725FC58A76D

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
3880	msedge.exe
3880	msedge.exe
4872	identity_helper.exe
4872	identity_helper.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe
3880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 4480	3880	msedge.exe	83
PID 3880 wrote to memory of 4480	3880	msedge.exe	83
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1868	3880	msedge.exe	84
PID 3880 wrote to memory of 1208	3880	msedge.exe	85
PID 3880 wrote to memory of 1208	3880	msedge.exe	85
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86
PID 3880 wrote to memory of 3280	3880	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online.tdaqs.com.au/web/autoform.html?script=WebForm&param=1&$f=R38e5t&$r=3B6ECBDA-2532-42BE-8D7C-8725FC58A76D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd71646f8,0x7ffcd7164708,0x7ffcd7164718
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,10712484832442516679,10650610826376992804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c0bc47b09aac0c19d274d04ad6bbe276

SHA1
903957486681c663356123e6d2d7cf3b8f37912b

SHA256
67335349e41b5ff803ede9d9a3101acbde43eadded71cd57247938b0ddd0931b

SHA512
c08a883fdc1ca5d98359ba8a63798df4bde25855169a84202f2a478e50c0dbe69580410c26802ce3d67ad1712d74e3201ca34b879ab5588a4d7696093895062e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28fb89c8c35dff5105d92fb081e309e8

SHA1
593c0ef418001d5982a1cd8e34b7fd7201f4c718

SHA256
0b5ca1875c20bfbbced9e90ec658e92eaa0bc2607dd7f94dfaf50221431a06d4

SHA512
8838818985335a7b0ca9c5cbc06984e100ffc4bd229f8a155f10198d7d59a93ae08042f9c82a6cc0776d95d93af1514b59e2673bc41d976dffbcf0eff3cb5c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5cc738893e18a9e1a7a2490636fda7c3

SHA1
fd79b494517218226241be88ed40869763965ee9

SHA256
198363fe53190cc7c9c725761f0d5edb1d63c588472302909846dd8a66512789

SHA512
48c5ffdaa1b8c12f7c564af9f1ea9e19b3525b123587bdb7ae579a655d4639a04894884e629b5ffc492a58246314194f9c6ba76e3c15bf71f42ed79188133623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
c47450d3132a48cb3c16b1320f71add7

SHA1
a87b872c48e5209c200da57c19ebd453d4c25f22

SHA256
51251e1fde6bc638ffdf31cfd73bbd1c0433c9d5ebe90a6e4b1ecb7435750bf3

SHA512
aced5b777e47c631a1374b6ef04cf32816f8e8c185ba7395b2ee4af9b098e2b4f137ece348e47a74004485c2c504228ba4e2644357a3c44f4b96f6683813a2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
d4bea52fb826685824ff90be7f642daa

SHA1
dd756eca9ac569fc86089ed0a5a04ff32e80b231

SHA256
2ca0ae1f680581a08df674516f679431f958818fc8cd43994fedda92604a36c9

SHA512
af3f895fe803e8beee456ec0364bddd353ea75024516dbc2427feaeb9080ca0bc86f6f57cba29079ee15379693b6a1185e5a3349e25893dd2294e158113b6937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
24722421045f9745668024974139c601

SHA1
174ef02af0b6396f71b31866115011beee028c8d

SHA256
d4ede8ad2bba31ebea130526d7ec36f7b5bfde64e3d7c304018008f52d7584d7

SHA512
3dfef579a66c9e285bb4450f70a145dfe0c4916889351c8b6e59ddb71d5ebe25cf0454d1c4187440bad6bedd740f222cfb7d9dc9235fe7ccf33a0abac8e2d3f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
f2b562b4c92292b24b910c42675b8d5e

SHA1
91adc968260b5187b968a6f16bfd736f49b0a73a

SHA256
12bcccdf5a5908e1656bbf5bd8aebff5a5f8856a8c50dd78b6c54846538f2929

SHA512
9c67b83defbee57626843823297d306d46bef69813012b46fc8d5e8d5a0d821e3b47f3f7cac8adeec4858f93d4c9b7566038f8c73982e2d76a7ce54cf3b5f6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e592ab50184c04d1711ee58e0d2d471b

SHA1
be192e1d45428adfc3688eeb36e5706eb583de93

SHA256
de3cffa7d93e1f2bea3230e88ce38cc4f53c5096d0756f88f11ea5c1c15f86fb

SHA512
e02ea307f4128ecc6bd86a4beae993ef03fff2b8660a8decf409e090f3300b93eed2aa4a8514c4269d88a6049ce71e5642aafcd8d4aad3999d5b4460e70a457b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4bfabeeb7b2e919aa345068b4588aca8

SHA1
eff261b79ecd449106f9730801f4aeb6cf5eafcd

SHA256
114f04adc69a9e0d98452e6b8d31527b5d9eb000771f404b6de5a6fe3fad5d29

SHA512
86648fe6c0e5f47d53d8d156a44112b9479174885214dec5be4585351b1b13de35e77d97179564b4e70e2320eb9ecb0e815b712d561db1a054cfe24e39d1e38b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f1f1.TMP

Filesize
201B

MD5
93d4126b8024b23cefcb13b117e92ab2

SHA1
9d30cc7c7c1cc657225865ae4082df81d44fffd9

SHA256
4726c7e7fe4a1f88ec1f9404d46fab036dc6aa51b3802001d88e939bae3f6ff1

SHA512
04a3af47f2f65dde60113ffac14e0618c6c47fcea1f04a0e8418d10e2dccb4b5e82131e02c8e76cc3d9cf276d8437f8d684ada921aa61a1ff78be9a7a9d1d0ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
212b4e5889003932997f90ab0ed5ea73

SHA1
6f5f72bbe8dea537d70dca4115ccd758344102c6

SHA256
ee8d4356897f112f6c0fcf826691f2f77e377c15512bdcd4126b8853daf1ccfe

SHA512
031e43e14ce5a4743600f2282d3cd8ff8fab193e21554828f2b0fded7b0c9b62ac024d18be9dc54d0100485814c2c773275abe901672f7c2a0b4ba7395d9a7d7

Download Submit